Networked

Type your comment> @djbrains said:

argh, its drving me nuts

Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.

Rooted. PM me with what you’ve done so far for hints.

Type your comment> @DameDrewby said:

Type your comment> @djbrains said:

argh, its drving me nuts

Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.

I’ve been ignoring the error’s :open_mouth:

I find first step, any hint where to find ?

Type your comment> @tripster98 said:

I think we are supposed to use exiftool for uploading the image?

No. No need. google magic bytes and how they are used

ok so I have a shell but everything on this box is owned by root except the user ***y and my shell dropped me in as user ***che. Im hitting nothing but walls. Anyone have any friendly advice?

So I was in uploads folder and saw some weird uploads by people who dont know how to upload the first shell. I just saw a file name having ‘XSS’ in it. Stop the trial and error and go google file upload vulnerabilty. There are 4-5 methods and practise and try all of them. I am now attempting user. Folks who are complete beginners can pm me if you need help.

Completely stuck! using the u**** function and tried pretty much all bypa*** to u****
Can someone nudge?

root finally

guys need a nudge on the box. I have got the reverse shell but not able to dig further. Kindly help.

Type your comment> @Gordin said:

@tripster98 said:

 I think we are supposed to use exiftool for uploading the image?

I recommend you and everyone stuck on the initial shell to keep it simple. There is a very trivial procedure to inject a payload into an image file and it works on this machine. Also, to be on the safe side, consider using one of the images which are already uploaded to the gallery by localhost to avoid eventual size and format restrictions.

Hi, thank for the tips. I used one of the image in the i***s folder and put my reverse shell in it. Uploaded it successfully but when i refresh the gallery i can’t see it. I’ve got one of my console in listening mode (nc -lvp 1234), but nothing happens…

Trying to figure what i am doing wrong…

User at long last…thanks @tang0 again for sticking with me taught me alot your a solid dude. Now on to root…

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

PMs are welcome :slight_smile:

without > @Un1k0d3r said:

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

How the f*** did you get user if your apache?

Type your comment> @letMel00kDeepr said:

without > @Un1k0d3r said:

Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.

How the f*** did you get user if your apache?

Thanks :wink: . BTW, I got the root :slight_smile:

Got root. My first ever htb box!! If someone is finding difficulty in any part of the process, feel free to pm me.

I have to say even though it’s rated as an easy box I learned a ton. For root don’t overthink things!!

So I was able to get the initial shell triggered simply. Though reading through this c_a.php file I have no idea what I am looking at. Not great with PHP but it seems you don’t have to be. I must be missing something obvious as usual. Anyone wants to PM a nudge would be helpful :slight_smile:

Edit: wow yeah I was totally missing something obvious,. thanks for the tips. now for root.
Okay root was easy once you know the exploit which is not hard to find when you see what the script is doing.

Need a nudge for user… I can see the user.txt file, but cant read it. I see c****_a*****.php. Is that needed in any way ? What does touch have to do with all this ? thanks

Guys i need help im stuck on apache im struggling to escalate i see what i have to do i just dont know how to do…pm’s are welcome